why my IgnoreRoute does not work? - asp.net-mvc-3

I want to prevent users access for my "~/Content/..." folder I wrote it as follow in "Global.asax.cs" and put this line of code at the top of every other routes
routes.IgnoreRoute("Content/{*pathInfo}");
but it does not work. in fact user can see every files in content folder by type the URL in browser.
am I missing something?

How did you figure out that it does not work? Give example.
You may have put it last in the Routing table. So try to move it up so that it gets added to the routing table first. The route collection is an ordered list of routes.
Also try this : Routes.IgnoreRoute("Content/");, but your version of ignore is also correct and it should work.
Lastly, I do not know what you mean when you say the user can see all the contents of the Content folder : Isn't that the point? User must be able to download files from the folder, and we usually just need MVC to ignore the requests from coming into the framework, and so that IIS can directly serve those files.
or did you mean Directory browsing is enabled, and you want to disable that : In that case go to IIS manager, and select your website and look for the Directory browsing option and disable it as shown here.

Your problem cannot be solved by routing constraints. There are 3 significant steps in processing request:
IIS got request.
IIS watch at filesystem and search for direct correspondence to file
If IIS didn't found any file - it gives request to ASP.NET MVC for processing.
So, you need to configure folder security to forbidden direct access to files, but allow access to application, as here.
But I don't recommend to secure folder, that should be shared. I don't believe that your site shouldn't have images to display :) If you have some secured content, you need to create another folder.

Related

How to run Multiple codeigniter application in single shared hosting server?

I am using shared hosing for Codeigniter application for deployment.
How can i run staging url on live server?
1) domain.com (Working)
2) domain.com/staging/ (Not working, showing 404 error)
I created staging folder under public_html directory, now put All CI code in staging folder, and tried to run the application with URL domain.com/staging/ but it redirect on domain.com/404
I expect to run domain.com for users and domain.com/staging for development. (Staging URL i will use for development and after that i will place the same code for live URL.)
This is most easily done by using a subdomain for the staging version, i.e. staging.doman.com. The folder where you put the CI files isn't super important as the subdomain will be set to use the directory you choose.
You will either need to have complete control over the server or have a service provider that allows you to set up subdomains.
- Expanded Answer -
If you cannot set up a subdomain then your next best option is to use the advice in the documentation on Managing you Applications. It isn't required to use the file structure shown there. In your case try the following.
Create a folder on the same level as application named staging.
Into that folder copy all the folders and files normally found in /application.
Add all application folders and files required by your site. The files in these folders are those that make up the application you are staging.
Make a copy of index.php (the file at the root of the public folder, i.e. domain.com/index.php) and name it staging.php. Both index.php and staging.php will be in the same folder.
Edit staging.php and change the value of $application_folder to be the absolute path to the staging folder. For example:
$application_folder = '/path/to/domain.com/public_folder/staging';
The path above is an example. You must replace it with the actual path in your server. If you have no idea what the full and absolute path is you can use
$application_folder = dirname(__FILE__).'/staging';
Browse to the URL domain.com/staging.php and you should get your default controller's output. To test that you are actually seeing the staging version of the page temporarily change something in the view file so there can be no doubt.
You will go to other controllers by using the URL domain.com/staging.php/other_controller.
Change the value of $config['index_page'] in /staging/config/config.php to staging.php, e.g.
$config['index_page'] = 'staging.php';
Without the above change redirect() and many other "helper" functions will not work correctly.
(Optional?) You can probably edit the main .htaccess and add rewrite rules for staging.php the same way it is done for index.php. But I will leave that as an exercise for you. (Or for another SO question.)
A final word. It might be necessary to make other configuration changes to accommodate the revised file structure. I tested the answer here but did not go beyond the most basic task of browsing to controllers. Most likely config values for sessions, cookies, and many others will need to be adjusted for the staged version to work correctly. Check out the documentation on Handling Multiple Environments for guidance on making this less painful.

Laravel - how to protect /public/files/uploads/ from web acces by customers

I've got a question.
the admin and employee can upload stuff into /public/files/uploads/
and the customers are only allowed to see a part of the files in uploads.
but when I login as customer and visit: /public/files/uploads/
I can open and view every file.
I would like to know how to protect this from customers, like when they try to open /public/files/uploads/ they redirect back to the home view.
This would need some sort of .htaccess but I can't seem to figure out how to get it working.
Any help would be appreciated.
Thanks in advance.
Try to put an empty index.html file in this folder.
Also, are your normal URLs contain public? If so, you have wrong web server configuration and you should point your web server (Apache, Nginx) to a public directory instead of Laravel project's root folder.

Redirect sub domain requests to look like it's from main domain

How do I go about doing the following:
I have a main domain at say http://www.domainname.com
and a another site at http://www.domainname.com/billing/
When loading knowledgebase articles it loads with http://www.domainname.com/billing/knowledgebase.php
I want it to load the content but make it look like it's coming from
http://www.domainname.com/knowledgebase.php
In otherwords anything when I load
http://www.domainname.com/knowledgebase.php*
it should load the content that exists at /billing/knowledgebase.php*
Possible?
It can be achieved with the .htaccess file and the use of mod_rewrite, however I know what you're trying to achieve, and from personal experience I'd say to stop while you're ahead, if you want a root based WHMCS install, then delete it all and start again, by installing WHMCS in the root, rather than a sub-directory. Although WHMCS says to install itself in a sub-directory, a lot of people treat it like a CMS, and as such really want it to be the homepage and content manager of the whole site.

Joomla 1.6 backend admin area blank

For some reason, when I log into my joomla 1.6 backend, it is now empty, displaying only a logout button. Any Ideas?
I just went through the same problem but on J!1.7.3. There may be many, many reasons but please check using just URL if you can see for example:
[YourDomainHere]/administrator/index.php?option=com_content or
[YourDomainHere]/administrator/index.php?option=com_modules
If content is listing and you're missing just Admin-menu and sub-navigation in back-end --> this means you messed-up with access levels and viewing access.
If you can't see content listing - ignore the rest of this post :-)
...with access levels and viewing access. To check that, try entering [YourDomainHere]/administrator/index.php?option=com_users&view=levels and enter each position in the list. Joomla backend navigation module usually has Access set to Special, so focus on this one. When enter Special - manager, author and super administrator should be ticked. If everything empty in any from the list - this is your issue :)
You need to add manager, author and super administrator to your Special access level. Obviously you can't see Save button, so you need to use database. [wrrr :) sounds scary?] Not a big deal, just go there using for example phpMyAdmin and find _viewlevels table. In there just edit Special and add [6,2,8] values to set up manager, author, super.....
Update database. Try to log-in one more time (close browser and clean cache before).
I hope if this wasn't helpful for you, will be for somebody else.
p.s. There may be a way of 'saving' changes in you joomla access levels with URL. Then you don't need to go to DB .. but I don't know if this is feasible at all :)
Check the rewrite of htaccess and the $mosConfig_absolute_path variable in config.php
Apparently, the Bluestork Template (admin template) has some security issues. In my case there were some missing files in the template folder /administrator/templates/bluestork/ that caused the administrator screen to appear blank. I've copied a clean version of the template in the bluestork folder and after that I was able to see the backend admin area.
I've removed the bluestork templates entirely for now, which seems to be the best option. Joomla installs 2.5.8, 2.5.6, 2.5.2, 1.7.0, 1.6.3 are affected. The Blustork Template is a target for hacks with old Joomla.
this happening becoz of admin user lost his permissions. see below article to fix this issue
http://www.codentalk.com/joomla-admin-showing-blank-page/

Troubles after installing Two stores with same php docroot

I am trying to setup multiple stores within same hosting account and I studied many interesting guides out there on the matter.
Seems to me I figured out simplest solution for me - map both my dot com sites onto the same directory on host, and modify .htaccess to launch different website depending on URL, like so:
SetEnvIf Host .*anatscraftonia.* MAGE_RUN_CODE="anatscraftonia";
SetEnvIf Host .*anatscraftonia.* MAGE_RUN_TYPE="website";
My first store works fine, but when I go to anatscraftonia.com , all I get always is a Magento 404 page.
I checked all settings, multiple stores are defined and code above is copy/paste from Admin console under Website I added. I have Home page enabled for All Stores and Base URL redefined for both Secure/Unsecure. I also tried changing website to store, with no improvements.
What else am I missing? How do I even know what page is it trying to go to, or whether it even gets “no-route” or just totally whacked…
I threw together some quick and dirty code a few years ago to log the controller dispatch process in Magento Community 1.3x.
http://alanstorm.com/magento_controller_dispatch_logging
I don't think you'll be able to drop those files into a current installation, but it should give you an idea where to stick some logging functions to see why Magento is routing to a 404.
I am not 100% sure what you are trying to achieve but why not use a single instance of magento to handle both stores and magentos own multi store capability..
full details here http://dx3webs.com/front/2010/08/magento-multistore-setup-under-plesk/ post contains links to cpanel instructions as well.
the instructions are for multiple domains but will work with sub folders

Resources